While none of the organizations whose supercomputers were affected by these security incidents have published any details on them, the Computer Security Incident Response Team (CSIRT) for the European Grid Infrastructure (EGI) has released malware samples and network compromise indicators for some of the attacks.
On the same day, bwHPC, the organization responsible for coordinating research projects across supercomputers in the German state of Baden-Württemberg, announced that five of its high-performance computing clusters were shut down following similar security incidents.
The University of Edinburgh, which runs the ARCHER supercomputer, suffered the first attack, and the organization reported that it had disabled access to the system and reset SSH passwords due to a security exploitation on the ARCHER login nodes.
Security incidents at facilities housing supercomputers were reported in the UK, Germany and Switzerland, while a similar breach was also rumored to have occurred at a high-performance computing center located in Spain.
After reviewing these malware samples, the UK-based cybersecurity firm Cado Security believes that the attackers likely gained access to the supercomputer clusters by using compromised SSH credentials.